package com.qf.shiro20230208.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

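/**
 * Order pages guarded by Apache Shiro authorization checks.
 *
 * <p>{@code /order/manager} checks the caller's role programmatically, while
 * {@code /order/save} relies on a declarative {@link RequiresPermissions} annotation.
 */
@Controller
@RequestMapping("/order")
public class OrderController {

    /**
     * Redirects the caller to the order page when they hold the {@code admin} role.
     *
     * @return {@code redirect:/order.html} for callers with the {@code admin} role,
     *         {@code redirect:/error.html} for everyone else
     */
    @GetMapping("/manager")
    public String manage() {
        // Get the Shiro subject that represents the current user.
        final Subject subject = SecurityUtils.getSubject();

        // NOTE(review): the outcome of this permission check is only printed and never
        // gates the response; access below is decided by the role check alone. If
        // "order:get" is meant to be required, it has to be enforced, not just logged.
        System.out.println(subject.isPermitted("order:get") ? "ok" : "error");

        // Check whether the current user has the admin role; deny by default.
        if (!subject.hasRole("admin")) {
            return "redirect:/error.html";
        }
        return "redirect:/order.html";
    }

    /**
     * Redirects to the order page for callers holding the {@code order:save:*} permission.
     *
     * <p>NOTE(review): Shiro evaluates {@link RequiresPermissions} only when its
     * annotation-driven authorization support is enabled in the Spring configuration,
     * which is not visible in this file. Confirm it is active, otherwise this endpoint
     * is reachable without the permission.
     *
     * @return {@code redirect:/order.html}
     */
    @RequiresPermissions("order:save:*")
    @GetMapping("/save")
    public String save() {
        // Absolute target, matching manage(): a relative "redirect:order.html" issued
        // from /order/save would resolve to /order/order.html instead.
        return "redirect:/order.html";
    }

}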
